Channel: Open Security Research
Browsing all 107 articles

Reversing Basics Part 3: Dynamically Reversing main()

By Robert Portvliet. This is the third blog post in a four-part series. In the first post, we reviewed the structure of a simple C program. In the second post, we reviewed how that program translated...

Potential attack vectors against Z-Wave®

By Robert Portvliet. A couple years ago I was doing some research on Z-Wave, and after sifting through what was publicly available regarding the protocol I came up with some ideas as to how it might be...

Quick Reversing - WebEx One-Click Password Storage

By Brad Antoniewicz. Cisco's WebEx is a hugely popular platform for scheduling meetings. You can conduct video and voice calls, screen sharing, and chat through the system. Meetings are usually created...

Cisco ACS Local PAC File Write Redirect

By Brad Antoniewicz. A couple months ago I came across a sort of interesting bug in the CSUtil.exe. I'd say the overall severity of the vulnerability is pretty low, but I'm wondering if anyone can...

FSFlow - A Social Engineering Call Flow Application

By Brad Antoniewicz. A few months ago I was thinking about ways to improve and standardize social engineering calls. It's a difficult thing to do, conversations can go almost anywhere over the span of...

Remote Code Execution on Wired-side Servers over Unauthenticated Wireless

By Brad Antoniewicz. TL;DR - There's a remote code execution vulnerability that can be exploited via 802.11 wireless to compromise a wired side server. The attacker needs no prior knowledge of the...

Accurate CVSS Scoring in PCI ASV Scans

By Vijay Agarwal. Payment Card Industry (PCI) vulnerability scanning involves having an Approved Scanning Vendor (ASV) perform a vulnerability scan as per PCI DSS requirement 11.2 on all IP...

Analyzing Keychain Contents with iOSKeychain Analyzer

By Neelay Shah. iOS exposes a secure storage "Keychain" which can be used by applications to securely store critical and security sensitive data such as symmetric keys, asymmetric private keys,...

Bypassing XSS Mitigations with HTTP Parameter Pollution

By Piyush Mittal. HTTP Parameter Pollution is overriding or adding HTTP GET/POST parameters by injecting query string delimiters. Basically, the attacker sends the same parameter multiple times to...

Validating Custom Sanitization in Web Applications with Saner

By Gursev Singh Kalra. I recently read a paper in which the authors combined static and dynamic source code review techniques to evaluate the effectiveness of custom build data sanitization routines in...

iOS 7 Security Settings and Recommendations

By Kunjan Shah. Apple finally released the much anticipated iOS 7 last Wednesday, September 18th. A lot of people are rushing in and updating to this latest version. It hit 18% adoption in just 24...

Getting a Grip on Your Cuckoo Reports

By Melissa Augustine. I recently had a forensics case where I had to test a lot of files for malicious behavior. “No problem!” I thought, “I can just use my watcher script to automatically push all 50...

Analysis of a Malware ROP Chain

By Brad Antoniewicz. Back in February an Adobe Reader zero-day was found being actively exploited in the wild. You may have seen an analysis of the malware in a number of places. I recently came across...

Using the OmniKey CardMan 5321/5325 in Kali Linux

By Brad Antoniewicz. In a previous post on my old blog I detailed how to set up the OmniKey CardMan 5321 in Backtrack. It's surprising how often this topic comes up. Everyone wants to do RFID hax but...

Extracting RSAPrivateCrtKey and Certificates from an Android Process

By Gursev Singh Kalra. An Android application that I assessed recently had extensive cryptographic controls to protect client-server communication and to secure its local storage. To top that, its...

Debugging Out a Client Certificate from an Android process

By Gursev Singh Kalra. On most of my Mobile Hacking projects I set up my web proxy to intercept Android application’s traffic, test the proxy configuration, and traffic interception usually works like a...

Patching an Android Application to Bypass Custom Certificate Validation

By Gursev Kalra. One of the important tasks while performing mobile application security assessments is to be able to intercept the traffic (Man in The Middle, MiTM) between the mobile application and...

Getting Started with WinDBG - Part 1

By Brad Antoniewicz. WinDBG is an awesome debugger. It may not have a pretty interface or black background by default, but it is still one of the most powerful and stable Windows debuggers out there. In...

Getting Started with WinDBG - Part 2

By Brad Antoniewicz. This is a multipart series walking you through using WinDBG - we've gotten you off the ground with our last blog post, and now we'll focus on its core functionality so that you...

Getting Started with WinDBG - Part 3

By Brad Antoniewicz. In this series of blog posts we've walked you through getting WinDBG installed, set up, and got you started by attaching to a process and setting breakpoints. Our next step is the...
